Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)

high Nessus Plugin ID 73018

Synopsis

The remote device is missing a vendor-supplied security update.

Description

The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities:

- Errors exist related to the handling of specially crafted Ethernet 802.11 frames that could allow denial of service attacks. (CSCue87929, CSCuf80681)

- An error exists related to the handling of WebAuth logins that could allow denial of service attacks. (CSCuf52361)

- An error exists related to the unintended enabling of the HTTP administrative interface on Aironet access points due to flaws in the IOS code pushed to them by the controller. (CSCuf66202)

- A memory over-read error exists related to IGMP handling that could allow denial of service attacks. (CSCuh33240)

- An error exists related to the multicast listener discovery (MLD) service and malformed MLD version 2 message handling that could allow denial of service attacks. (CSCuh74233)

Solution

Apply the relevant mitigation steps or apply the patch referenced in Cisco Security Advisory cisco-sa-20140305-wlc.

Note that Cisco 2000 Series WLC, Cisco 4100 Series WLC, Cisco NM-AIR-WLC, and Cisco 500 Series Wireless Express Mobility Controllers have reached end-of-software maintenance. Contact the vendor for upgrade recommendations.

See Also

http://www.nessus.org/u?788c0675

Plugin Details

Severity: High

ID: 73018

File Name: cisco-sa-20140305-wlc.nasl

Version: 1.10

Type: combined

Family: CISCO

Published: 3/14/2014

Updated: 8/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2014-0701

Vulnerability Information

CPE: cpe:/o:cisco:wireless_lan_controller_software, cpe:/h:cisco:wireless_lan_controller

Required KB Items: Host/Cisco/WLC/Version, Host/Cisco/WLC/Port

Exploit Ease: No known exploits are available

Patch Publication Date: 3/5/2014

Vulnerability Publication Date: 3/5/2014

Reference Information

CVE: CVE-2014-0701, CVE-2014-0703, CVE-2014-0704, CVE-2014-0705, CVE-2014-0706, CVE-2014-0707

BID: 65977, 65980, 65982, 65983, 65985, 65986